Improper input validation in Hp Data_protector

CVE-2011-0924

The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by o…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.055 (90.4th percentile) — read the EPSS interpretation.

Affected products

Hp Data_protector
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

cve@mitre.org (x_refsource_MISC)
SSRT100441 (x_refsource_HP, vendor-advisory)
ADV-2011-0308 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
20110207 ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_MISC)
46234 (vdb-entry, x_refsource_BID)